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Mobile network authentication for protecting content 




The present invention relates to a method of and a device for protecting 
content stored on a storage medium against unauthorized access, said storage medium being 
accessible by a drive of a portable device which is connectable to a network. Further, the 
present invention relates to a method of and a device for accessing such content and to a 
computer program for implementing said methods* The invention relates in particular to a 
mobile phone comprising a drive for accessing a removable storage medium. 

Next generations of portable devices, such as in particular mobile phones, will 
include a drive for accessing a removable storage medium, such as a small form factor optical 
(SFFO) disc, a removable hard disc or a semiconductor memory. These removable storage 
media will be used to store users' private data such as photos, videos, medical records or 
other information. One of the requirements is that this user content is protected against 
unauthorized access so that in case the storage medium is lost or stolen, the stored content is 
not readable by anyone* To provide such privacy protection, only the user who recorded the 
content shall preferably be able to access the content The protection should further be 
adapted such that the user does not easily lose access to the content, e.g. by forgetting a key 
or password. Further, the user should be able to choose if content shall be protected or not. 

It is thwefore an object of the present invention to provide a method of and 
device for protecting content which fulfil the above described requirements and guarantee 
protection against unauthorized access of contoat stored on a storage medium. Further, a 
method of and device for accessing such content shall be provided. 

This object is achieved according to the present invention by a method of 
protecting content stored on a storage medium against unauthorised access, said storage 
medium being accessible by a drive of a portable device which is connectable to a network, 
said method comprising the steps of: 

- transmitting an identifier of said storage mediimi or the user to an authentication unit within 
said portable device or within said network, 

- generating a cryptographic key using said identifier and an authentication key by an 
authentication algorithm within said authentication unit. 
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- transmitting said cryptographic key from said authentication unit to said drive, 

- encrypting the content to be protected using said cryptographic key, and 

- storing the encrypted content on said storage medium. 

This object is further achieved according to the present invention by a device 
5 for protecting content stored on a storage medium against unauthorized access, said storage 
medium storing a machine-readable identijBer, said device comprising: 
means for connecting said device to a network, 

a drive for accessing said storage medium, in particular for reading content 
from and writing content to said storage medium, 
10 - a transmitter for transmitting an identifier of said storage medium or the user 

to an authentication unit within said device or within said network, a receiver-for receiving a 
cryptographic key gCTierated within said authentication unit by an authentication algorithm 
using said identifier and an authentication key and for transmitting said cryptographic key to 
said drive, and 

15 - encryption means for encrypting content to be protected using said 

cryptographic key for storage on said storage medium. 

The invention is based on the idea to use an authentication method used for 

authenticating said portable device within the network, in particular when that portable 

device coimects to the network, for generating a cryptographic key which can then be used 
20 for encrypting coiitent if required. Such authentication procedures, as for , instance the 

authentication procedure for a mobile phone network, are very secure. Breaking the 

auflientication algorithm used in a mobile phone network would allow the user to make calls 

that would be billed to other users. Therefore, the level of protection of such an 

authentioation^gorithm4s^myii^^d4s-Gonsider^ 

25 user's data when using the authentication algorithm for generating an encryption key as 

proposed according to the present invention. 

Preferred embodiments of the invention are defined in the dependent claims. A 

method of accessing content protected according to the method of protecting content 

according to the present invention comprises the steps of: 
30 - transmitting an identifier of said storage medium or the user to an authentication unit within 

said portable device or within said network, 

- generating a cryptographic key using said identifier and an authentication key by an 
authentication algorithm within said authentication unit, 
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- transmitting said cryptographic key from said auflientication unit to said drive, and 

- decrypting the content to be accessed using said cryptographic key. 

A device for accessing content protected according to the method of protecting 
content according to the present invention comprises: 

means for coimecting said device to a network, 

a drive for accessing said storage medium, in particular for reading content 
from and writing content to said storage mediimi, 

a transmitter for transmitting an identifier of said storage medium or tiie user 
to an authentication unit within said device or within said network, a receiver for receiving a 
cryptographic key generated within said authentication unit by an authentication algorithm 
using said identifier and an authentication key and for transmitting said cryptographic key to 
said drive, and 

decryption means for decrypting content to be accessed using said 
cryptogr^hic key. 

The invention further relates to a computer program for implementing the 
methods according to the present invention. 

According to preferred embodiment of the invention the authentication unit is 
part of the portable device, i.e. is a SIM (Subscriber Identity Module) card reader in a mobile 
phone. Thus, for generating the cryptograpHc key, the identifier is transmitted internally 
within the portable device to the authentication unit, i.e. the SIM caid reader, where by use of 
the authentication procedure tiie cryptographic key is generated. Therefore a predefined 
authentication algorithm and an autiientication key, which is preferably a shared secret key 
which is only known to the authentication unit and the network, in particular an 
authentication instance within flie network, are used which are providing a high security 
against hacking. 

In an alternative embodiment, the authentication unit is part of the network. In 
this embodhnent flie identifier has to be transmitted to said autiientication unit in flie network 
which, after generating a cryptographic key, resends it to tiie portable device. This is 
particularly useful if not only tiie portable device is able to read the storage medium, but 
ottier devices as well, such as a PC, which are not directly connectable to tiie particular 
network. Thus, tiie PC could be allowed to send tiie identifier to tiie network by an additional 
equipment, e.g. by using tiie portable device or via tiie internet as proposed according to 
another embodiment. In tiie network, tiie cryptographic key will tiien be generated and 
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transmitted back to the PC which is then able to encrypt and/or decrypt data of the storage 
medium. 

The authentication key, which is preferably a secret key known to the network 
and the portable device, is either stored in the authentication unit directly or on a removable 
5 authentication memory, such as a SIM card, as is the case for a mobile phone network. 

According to further embodiments of the invention, the storage medium is 
either a removable record carrier, such as an optical disc, a removable hard disc or a \ 
semiconductor memory card, or a non-rOTiovable storage mediion, such as a semiconductor 
mOTLory or a non-removable hard disc. In the latter case, it is preferred that the authentication 
10 key is stored on a removable authentication memory readable by an authentication xmit \ 
within the portable device, but not in the authentication unit directly. 

i 

The invCTition will now be explained in more detail with reference to the 
1 5 drawings in which ; 
Fig, 1 shows a flow chart illustrating the method of protecting content 
according to the present invention and 

Fig. 2 shows a mobile phone network and a nimiber of different portable 
device connectable to said network. 
20 , . 

In a GSM mobile phone network, each user must be identified by the network 
before the user can make calls. If this authentication procedure is not secure then it would be 

possible4^mpeisonate-^other4iser.4mdjnakexall^ wou1d . b . e . bi11ed toJtheir_aaCQUXitJIlxfi 

25 network does not authenticate against the actual mobile phone but against the Subscriber 
Identity Module (SIM) card in the mobile phone. The SIM card is a smart card tiiat can be 
put into any mobile phone, thus allowmg the user to keep the same subscription and number 
while changing mobile phones. 

The authentication works by having a shared secret, in this application 
30 generally called authentication key, between the network, in particular an authentication 
centre (AuC), and the SIM. This authentication key is different for each user. The 
authentication works by a challenge and response protocol. The network challenges the SIM 
by sending a number to it. The SIM uses the authentication key of this particular subscriber 
and a defined authentication algorithm to generate the response which is sent back to the 
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network. The authentication centre of the network performs the same calculation using the 
subscriber's key and validates the result. If the user's response matches the result of the 
authentication centre's calculation then the user has been authenticated and can begin using 
the network, i.e. making phone calls. 
5 UMTS, the next generation mobile network, has a similar procedure as GSM, 

called Authentication and Key Agreement (AKA) procedure between the authentication 
centre and the SIM, which is called USIM in UMTS. 

Figs. 1 and 2 illustrate the invention by way of an example of a mobile 
communication system, such as the GSM system where mobile phones comprise a drive for 

10 accessing a removable or non-removable storage medium. Fig. 1 illustrate the steps of the 
method according to the present invention for accessing such a storage medium in a mobile 
phone. In a first step SI, before being able to use the mobile phone, the user has to enter its 
PIN into the mobile phone. Thereafter the mobile phone authenticates the user to the network 
in step S2 by use of an authentication procedure as described above. After successfid 

15 authentication the mobile phone can be used. 

Before accessing a storage medium by a drive in the mobile phone, a unique 
identifier stored on the storage medium, e.g. a serial number, is read by the drive in step S3. 
The identifier id mi^t be really unique or it could be statistically unique, e.g. randomly 
chosen fi-om a large range of possibility so ttiat in practise it is effectively unique. However, 

20 it is not even necessary for particular plications that the identifier id is unique. Moreover, 
the identifier need not be stored on the storage medium, but could be an identifier of the user 
as well, e.g. the user's PIN. 

This identifia- is used as tiie challenge to the authentication procedure, i.e. in 
step S4 the identifier is transmitted to the authentication unit AU which is either located 

25 within the portable device (the mobile phone) or within the network (the mobile phone 

network). Therein a response is generated in step S5 using the transmitted identifier id and 
the authentication key ak used in step S2 for authentication of the user. Taking these 
parameters as an input to the authentication algorithm, which has already been used in step 
S2 for authentication, a cryptographic key ck is generated by the authentication imit AU. 

30 The cryptographic key ck is thereaft^ transmitted back to the drive D of the 

portable device (S6) where it is either used for encrypting content (S71) and storing the 
ena-ypted content on the storage medium (S81) or for reading encrypted contaat fiom the 
storage medium (S72) and for decrypting the read content (S82) before reproduction. 
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The proposed solution ensures that encrypted content stored on the storage 
medium can only be decrypted if, in case of a mobile phone where the authentication key is 
stored on a removable SIM card, the user's SBM card is present. Without the user's SIM card 
encrypted content stored on the storage medium is unreadable, thus effectively protecting the 

5 user's data. In any case, for reading encrypted content, it is necessary that the authentication 
key is available to the user and that tlae authentication procedure can be performed. 

In case the actual encryption algorithm used to encrypt the data on the storage 
mediimi is very weak, thus allowing a hacker to detemiine the cryptographic key used and 
hence have a challenge/response pair for this user it is nevertheless not possible for the 

10 hacker to detemiine the authentication key since the authentication procedure is designed 
such that knowing a single or even several challenge/response pair(s) is not sufficient. If 
somebody has the SIM card then it would be possible to determine the cryptographic key for 
the storage medium; however, the present solution is intended as a privacy protection, not as 
a copy protection solution. Thus, it is assumed that once someone has the SIM card, he can 

1 5 read the content. However, the hacker would still need the user's PIN in order to access the 
SIM card. 

Generally, the same cryptographic key is used for encrypting the whole 
content to be stored on a storage medium. However, it is also possible to use different 
cryptographic keys for different parts of the storage medium, e.g. by combining the identifier 
20 id with the start address of a storage medium fragment or a sub-identifier stored in a header 
and use this as an input to the authentication algorithm. 

Fig, 2 shows a mobile phone network 1 according to the GSM standard to 
which a number of mobile phones 2, 3, 4 and a personal computer 5 can connect. Different 

embedimCTits-ef^e-inventiQn-^hall-be^xplained in the following . 

25 The mobile phone 2 comprises a SIM card reader 21 for reading a SIM card 8. 

On the SIM card 8 an authentication key is stored which is a secret key shared with an 
authentication centre AuC of the GSM network 1 used for authentication of the mobile phone 
2 when connecting to the network 1 . The mobile phone 2 further comprises a drive D for 
reading and/or storing data on a removable storing medium 7, which can be a small form 
30 factor optical disc in the shown example. The disc 7 comprises a unique identifier which is 
readable by the drive D, e.g. a serial niraiber stored in a particular area on the disc 7. Further, 
a transmission unit 22 is provided for transmitting the read identifier from the drive D to a 
SIM card reader 21 where a cryptographic key is generated by the authentication algorithm 
using the authentication key of the SIM card 8 and the identifier of the disc 7 as inputs. The 
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generated cryptographic key is thereafter transmitted back to the drive D by a second 
transmission imit 23. The received cryptographic key can then be used by the drive D for 
encrypting data to be stored on the disc 7 or for decrypting data read from the disc 7. It shall 
be remarked that the cryptography can also be done in separate means outside the drive. 

5 Instead of a removable storage medium 7 and an appropriate drive D it is also 

possible that the mobile phone comprises a drive D for reading non-removable storage media, 
such as shown for mobile phone 3 where the storage medium 9 is non-removable, such as a 
hard disc or a semiconductor memory. In this case, instead of using an identifier stored on the 
medium 9, the PIN of the SIM card 8 is preferably used as input to the authentication 

10 algorithm together with the authentication key stored thereon. 

Since the present solution is not intended for copy protection, the user is able 
to freely copy its personal information. Thixs, the user can copy the content from any device 
that contains the SIM, and the mobile phone can output the data to another device by either a 
wired or wireless connection. This includes transmitting the data through the wireless 

15 network itself. • 
Reading the storage mediimi in a device that is not intended to connect to the 
mobile network 1, e.g. a PC 5, and which therefore does not support the SIM 8, is more 
difficult. By connecting via an interface to the PC as shown for mobile phone 4 which can 
coimect to the PC 5 using an interface 24 this problem can be avoided. However, if the PC 5 

20 has a drive D that supports the discs 7 then the user will want to be able to read them and also 
record on them although the content stored thereon is protected. This can be solved by 
providing means in the PC 5 for allowing the user to connect, e.g. via the internet 6, to a 
fixed part of the mobile network 1 . hi this way the cryptographic key for accessing the disc 7 
can be generated by the network 1, in particular the authentication centre AuC, by using the 

25 identifier of the disc 7 which is transmitted from the PC 5 via transmission unit 22 via the 
internet 6. Fixrther, the authentication key available to the authentication centre AuC can be 
used. The generated cryptographic key is then transmitted back from the network via the 
internet 6 to a receiving unit 25 in the PC 5 so that the drive D can access the content stored 
on the disc 7. 

30 Obviously in this case the network 1 must authenticate the user through the 

intemet 6; however, many techniques exist to do this. Alternatively, a protocol can be defined 
to allow the mobile phone 4 to transfer the generated cryptogr^hic key to the PC 5 so that 
the PC 5 can store the challenge/response pairs for the user's disc to allow accessing them in 
future without the mobile phone 4. Allowing the user to read the discs from a PC 5 in this 
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way has the jEurther advantage, that, if the SIM card is stolen or lost, the user can still read the 
content from its discs. 

The present invention provides a high level of protection against unauthorized 
access of content stored in encrypted form on a storage medium. The used authentication 
5 procedure is very secure and can therefore be advantageously xised for generating a 
cryptographic key for encryption of content. 

The present invention is not limited to the particular embodiments shown in 
the figures. The invention can not only applied in a mobile phone network to which mobile 
phones are connected, but can be applied in other networks to which portable devices can be 
10 connected and which use a challenge-response authentication procedure sindlar or identical 
as described above. 
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CLAIMS: 



L A method of protecting content stored on a storage medium against 

unauthorised access, said storage medium being accessible by a drive (D) of a portable 
device which is connectable to a network (1), comprising the steps of: 

- transmitting an identijExer (id) of said storage medium or the user to an authentication unit 
5 (Auc) within said portable device or within said network, 

- generating a cryptographic key (ck) using said identifier (id) and an authentication key (ak) 
by an authentication algorithm within said authentication xmit (Auc), 

- transmitting said cryptographic key (ck) from said authentication unit (Auc) to said drive 
(D), 

10 - encrypting the content to be protected using said cryptographic key (ck), and 

- storing the encrypted content on said storage medium. 

2. A method as claimed in claim 1, wherein said identifier (id) is stored on said 
storage mediimi in machine-readable form and is read before transmission to said 

1 5 authentication imit (Auc). 

3. A method as claimed in claim 1, wherein said authentication unit is part of 
said portable device. 

20 4. A mettiod as claimed in claim 1 , wherein said authentication key (ak) is stored 

within said authentication unit or on a removable authentication memory, in particular a SIM 
card, which is readable by said authentication unit 

5. A method as claimed in claim 1, wherein said authentication unit (Auc) is part 
25 of said network. 

6. A method as claimed in claim 1 , wherein said storage medium is a removable 
record carrier, such as an optical disk, a removable hard disk or a semiconductor memory 
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card. 

7. A method as claimed in claim 1, wherein said storage medium is a non- 
removable storage medium, such as a semiconductor memory or a non-removable hard disk. 

5 

8. A method as claimed in claim 1 , wherein said portable device is a mobile 
phone, wherein said authentication unit is a SIM card reader^ wherein said network is a 
mobile phone network and wherein said authentication algorithm corresponds to the 
algorithm used by said mobile phone network for authenticating mobile phones. 

10 

9. A method as claimed in claim 8, wh^ein said identifier (id) is the PIN of the 
user. 

10. A method as claimed in claim 1 , wherein said identifier (id) is transmitted 

15 from said portable device to said authentication unit (Auc) via the internet and a link from the 
internet to said network, in particular via a computer connected to the internet 

11. A device for protecting content stored on a storage medium against 
unauthorized access, said storage medium storing a machine-readable identifier (id), said 

20 device comprising: 

means for connecting said device to a network, 

a drive (D) for accessing said storage medium, in particular for reading content 
from and writing content to said storage medium, 

a^ansmitt@^-feF-tetnfflEdttin&^334d@ntifi^^ — 

25 user to an authentication unit (Auc) within said device or within said network, 

a receiver for receiving a cryptographic key (ck) generated within said 
authentication unit (Auc) by an authentication algorithm using said identifier (id) and an 
authentication key (ak) and for transmitting said cryptographic key (ck) to said drive (D), and 
encryption means (D) for encrypting content to be protected using said 
30 cryptographic key (ck) for storage on said storage medium. 

12. A method of accessing content stored in encrypted form on a storage medium, 
said storage medium being accessible by a drive (D) of a portable device which is 
coimectable to a network, comprising the steps of: 
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- transmitting an identifier (id) of said storage medium or the user to an authentication unit 
(Auc) within said portable device or within said network, 

- generating a cryptographic key (ck) using said identifier (id) and an authentication key (ak) 
by an authentication algorithm within said authentication unit (Auc), 

5 - transmitting said cryptographic key (ck) firom said authentication unit (Auc) to said drive 
(D),and 

- decrypting the content to be accessed using said cryptographic key (ck), 

13, A device for accessing content stored on a storage medium against 

1 0 unauthorized access comprising: 



firom and writing content to said storage medium, 

a transmitter for transmitting an identifier (id) of said storage medium or the 
15 user to an authentication unit (Auc) within said device or within said network, 

a receiver for receiving a cryptographic key (ck) generated within said 
authentication unit (Auc) by an authentication algorithm using said identifier (id) and an 
authentication key (ck) and for transmitting said cryptographic key (ck) to said drive (D), and 
decryption means (D) for decrypting content to be accessed using said 
20 cryptographic key (ck)» 

14. Device as claimed in claim 1 1 or 13, wherein said device is a mobile phone, 

whwein said autiientication unit is a SIM card reader, wherein said network is a mobile 
phone network and wherein said authentication algorithm corresponds to the algorithm used 
25 by said mobile phone network for authenticating mobile phones. 



means for connecting said device to a network, 

a drive (D) for accessing said storage medium, in particular for reading content 



15. Computer program comprising computer program code means for causing a 

computer to perform the steps of the method as claimed in claim 1 or 12 when said program 
is run on a computer. 
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ABSTRACT: 

-^Q 1 
2 0, 08. 2002 

The present invention relates to a method of p^t^ting content stored on a 
storage medium (7) against iinautiiorized access, said storage medium (7) being accessible by 
a drive (D) of a portable device (2) which is connectable to a network (1). In order to provide 
a high level of protection against unauthorized access it is proposed to use the authentication 
5 procedure of the network (1) to generate a cryptographic key (ck) for encryption and 

decryption of content stored on said storage medium (7). In particular, the present invention 
is used in a mobile phone network where the authentication key (ak) is stored on a SIM card 
(8) used in a mobile phone (2). 
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